<?php /*
	
*/ ?>
<?php include("system/config.inc.php");
$donotinclude = 1;
if(!isset($_SESSION['adminuserid']))
{
	header("location:index.php?msg=logfirst");
	die();
}
	
if(isset($_REQUEST['oid']) && ($_REQUEST['oid'])!="" ) {
	$custid=mysql_real_escape_string($_REQUEST['oid']);
}
// add note to customer & update status
if(isset($_REQUEST['Submit']) && trim($_REQUEST['Submit']) == "Submit")
{
	    $orderid = mysql_real_escape_string($_REQUEST['oid']);
		$title=mysql_real_escape_string($_REQUEST['varcomments']);
		$status = mysql_real_escape_string($_REQUEST['status']);
		if(isset($_REQUEST['notifycustomer']) && ($_REQUEST['notifycustomer'])=='on')
		{
			$notifycustomer=1;
		} else {
			$notifycustomer=0;
		}
		$edit=$_SESSION['adminuserid'];
		//insert note
		$insert="INSERT INTO `tblorderstatushistory` (`intorderid`,`intorderstatusid`,`dtdateadded`,`intcustomernotify`,`varcomments`,`varedite`) VALUES ($orderid,$status,NOW(),'$notifycustomer','$title','$edit')";
		$sql=$obj_db->insert($insert);	
		//update order table with new status
		$updatesql = "UPDATE `tblorders` SET `intcurrentorderstatus`=$status WHERE `intid`=".$orderid;
		$sql=$obj_db->edit($updatesql);	
		if($notifycustomer==1) {
			$sqlsel="select varcustomeremailid from tblorders where intid=$orderid";
			$res=$obj_db->select($sqlsel);
			if($res) {
				$custemail=$res[0]['varcustomeremailid'];
			}
			$headers  = "MIME-Version: 1.0\r\n";
			$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
			$headers .= 'From: '.FROMEMAIL. "\r\n";
			$sub="Your order from ".SITENAME." has had its status updated";
			$message="Your Order with ".SITENAME." has had its status updated
			<br /><br />
			Your Order ID: ".$orderid."
			<br /><br />
			You can check the status of your order via the order tracking option on our website.<br /><br />
			The staff member updating your order has added the following note:<br />
			".stripslashes($title)."<br />
			--<br />
			Thank you<br />
			".SITENAME." Team<br />
			<a href='".WEBSITEURL."'>".WEBSITEURL."</a>";
			$memail = "<html><head><title>".$sub."</title></head><body>".$message."</body></html>";
			mail($custemail, $sub, $memail, $headers);
		}
		header("location:orderinfo.php?msg=statusupdate&oid=$custid");
		die();	
}	
		
if(isset($_REQUEST['Submit32']) && trim($_REQUEST['Submit32']) == "Submit")
{
	    $orderid = mysql_real_escape_string($_REQUEST['oid']);
		$title=mysql_real_escape_string($_REQUEST['admincomment']);
		$status = 1;
		$notifycustomer =3;
		$edit=$_SESSION['adminuserid'];
		$insert="INSERT INTO `tblorderstatushistory`
		(`intorderid`,`intorderstatusid`,`dtdateadded`,`intcustomernotify`,`varcomments`,`varedite`)
		VALUES ($orderid, $status, NOW(), $notifycustomer, '$title','$edit')";
		$sql=$obj_db->insert($insert);				
		header("location:orderinfo.php?msg=add&oid=$custid");
		die();
}
?>
<?php include("inc/header.php");?>
<body>
<script language="javascript" src="js/orderinfo.js"></script>

<table width="80%" border="0" align="center" cellpadding="0" cellspacing="1" class="middlebackground">
  <tr>
    <td colspan="3" valign="top" align="center"><?php include(INC."top.inc.php");?></td>
  </tr>
  <tr>
    <td width="7%">&nbsp;</td>
    <td width="90%" align="center">
	
	<table width="100%" border="0" cellspacing="2" cellpadding="2">
      <tr class="tblbg3">
        <td height="20" colspan="3"  class="font">Orders</td>
        <td width="20%" align="center"><a Title="Click here to Go Back!" href="#"  class="indsml" onClick="history.go(-1);">Back</a></td>
      </tr>
      <tr>
        <td colspan="4"><table width="100%" border="0" cellpadding="2" cellspacing="2" class="border">
          <tr>
            <td width="15%" valign="top" class="font"><strong>Customer:</strong></td>
            <?php
			$sql = "SELECT * FROM `tblorders` WHERE `intid`=$custid";
			$result = $obj_db->select($sql);
			if(count($result)>0)
			{
				for($i=0;$i<count($result);$i++)
				 { 
					$adddate=$result[$i]['dtfinished'];
					$shipmehtd=$result[$i]['shipmethod'];
		            $discountcode=$result[$i]['discountcode'];
			?>

            <td align="left">
				<?php echo stripslashes($result[$i]['varcustomername']);?><br />
				<?php echo stripslashes($result[$i]['varcustomerstreetaddress']);?><br />
				<?php echo stripslashes($result[$i]['varcustomercity']); ?><br />
				<?php echo stripslashes($result[$i]['varcustomerpostcode']);?><br />
				<?php echo stripslashes($result[$i]['varcustomerstate']); ?><br />
				<?php echo stripslashes($result[$i]['varcustomercountry']); ?>
			</td>
            <td valign="top" class="font"><strong>Shipping Address:</strong></td>
            <td align="left">
				<?php echo stripslashes($result[$i]['vardeliveryname']);?><br />
				<?php echo stripslashes($result[$i]['vardeliverystreetaddress']);?><br />
				<?php echo stripslashes($result[$i]['vardeliverycity']); ?><br />
				<?php echo stripslashes($result[$i]['vardeliverypostcode']);?><br />
				<?php echo stripslashes($result[$i]['vardeliverystate']); ?><br />
				<?php echo stripslashes($result[$i]['vardeliverycountry']); ?>
			</td>
            <td valign="top"><span class="font"><strong>Billing Address:</strong></span></td>
            <td align="left">
				<?php echo stripslashes($result[$i]['varbillingname']);?><br />
				<?php echo stripslashes($result[$i]['varbillingstreetaddress']);?><br />
				<?php echo stripslashes($result[$i]['varbillingcity']); ?><br />
				<?php echo stripslashes($result[$i]['varbillingpostcode']);?><br />
				<?php echo stripslashes($result[$i]['varbillingstate']); ?><br />
				<?php echo stripslashes($result[$i]['varbillingcountry']); ?>
			</td>
          </tr>
          <tr>
            <td class="font"><strong>Telephone:</strong></td>
            <td align="left"><?php echo stripslashes($result[$i]['varcustomertelephone']);?></td>
            <td>&nbsp;</td>
            <td>&nbsp;</td>
            <td>&nbsp;</td>
            <td>&nbsp;</td>
          </tr>
          <tr>
            <td class="font"><strong>E-Mail:</strong></td>
            <td align="left"><?php echo stripslashes($result[$i]['varcustomeremailid']);?></td>
            <td>&nbsp;</td>
            <td>&nbsp;</td>
            <td>&nbsp;</td>
            <td>&nbsp;</td>
          </tr>
        </table></td>
        </tr>
      <tr class="seprtr">
        <td colspan="4" class="fntstyle">&nbsp;</td>
        </tr>
      <tr>
	  <?php  $sqlm="select * from tblshippingmaster where intid=$shipmehtd";
				 $resm=$obj_db->select($sqlm);
				 if($resm) {
					$charge=$resm[0]['decshipcost'];
				 } else {
					$charge=0.00;
				 }
			?>
        <td class="font"><strong>Shipping </strong>(<?php echo stripslashes($resm[0]['vartitle']);?>)</td>
        <td align="left">&pound;<?php echo number_format($charge, 2, '.', '');?></td>
        <td width="7%">&nbsp;</td>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td width="24%" align="left" class="font"><strong>Payment Method:</strong> </td>
        <td width="49%" align="left"><?php echo $result[$i]['varpaymentmethod'];?></td>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td colspan="4">
		<?php } } ?>
		<table width="100%" border="0" cellpadding="0" cellspacing="2" class="border">
          <tr>
            <td align="center" class="border"><strong>Product Code</strong></td>
            <td align="center" class="border"><strong>Quantity</strong></td>
            <td align="center" class="border"><strong>Name</strong></td>
			<td align="center" class="border"><strong>Unit Price</strong></td>
			<td align="center" class="border"><strong>Options</strong></td>
			<td align="center" class="border"><strong>Unit Price inc options</strong></td>
			<td align="center" class="border"><strong>Quantity Price</strong></td>
          </tr>
		  <?php 
			$sum=0;
			$sql3 = "SELECT * FROM `tblorderproducts` WHERE `intorderid`=$custid";
			$vat=0;
			$result3 = $obj_db->select($sql3);
			if(count($result3)>0) {
				for($i3=0;$i3<count($result3);$i3++) {
		  ?>
          <tr>
            <td align="center" class="sltimg"><?php echo stripslashes($result3[$i3]['intproductid'])?></td>
            <td align="center" class="sltimg"><?php echo stripslashes($result3[$i3]['intquantity'])?></td>
            <td align="center" class="sltimg"><?php 
			$prid= $result3[$i3]['intproductid'];
			$sqlpr="select `varprodname`,`txtdesc` from tblproddesc where intid='$prid'";
			$respr=$obj_db->select($sqlpr);
			if($respr) {
				echo stripslashes($respr[0]['varprodname']);
			}
			?></td>
			<td align="center" class="sltimg">
			<?php
			$sqlpr="SELECT `decprice` FROM `tblproducts` WHERE intprodid='$prid'";
			$respr=$obj_db->select($sqlpr);
			if($respr) {
				echo stripslashes($respr[0]['decprice']);
			}
			$pricewithoptions = $respr[0]['decprice'];
			?>
			</td>
			<td align="left" class="sltimg"><ul>
			<?php
				$attributessql = "SELECT * FROM tblorderproductattributes WHERE intorderproductid=".$result3[$i3]['intid'];
				$attributeresult=$obj_db->select($attributessql);
				for($at=0;$at<count($attributeresult);$at++) {
				
					$attributesql1 = "SELECT tblproductattributes.*, tbloptionvalues.varoptionvaluename, tblproductoptions.varoptionname FROM tblproductattributes INNER JOIN tblproductoptions ON tblproductattributes.intoptionvalueid=tblproductoptions.intid INNER JOIN tbloptionvalues ON tblproductattributes.intoptionid=tbloptionvalues.intid  WHERE intattributeid=".$attributeresult[$at]['intproductoptionid'];
					$attributeresult1=$obj_db->select($attributesql1);
					echo "<li><strong>".stripslashes($attributeresult1[0]['varoptionvaluename']).":</strong> ".stripslashes($attributeresult1[0]['varoptionname'])."(".stripslashes($attributeresult1[0]['charprefix'])." &pound;".stripslashes($attributeresult1[0]['decprice']).")</li>";
				
					$pricewithoptions = $pricewithoptions+$attributeresult1[0]['decprice'];
				}
			?>
			</ul>
			</td>
			<td align="center" class="sltimg">
			&pound; <?php echo $pricewithoptions;?>
			</td>
			<td align="center" class="sltimg">
			&pound; <?php echo $pricewithoptions*$result3[$i3]['intquantity'];?>
			</td>
          </tr>
		  <?php 
		  $globaltot = $globaltot + ($pricewithoptions*$result3[$i3]['intquantity']);		  
		  }
		 }
		  ?>  
        </table>
		
		</td>
        </tr>
       <tr>
        <td colspan="2">&nbsp;</td>
        <td width="170" valign="top" align="right" class="sltimg"><strong>Subtotal</strong></td>
        <td width="50" valign="top" align="center" class="sltimg">&pound; <?php echo $globaltot;?></td>
      </tr>
	  <tr>
        <td colspan="2">&nbsp;</td>
        <td width="170" valign="top" align="right" class="sltimg"><strong>Discount</strong></td>
        <td width="50" valign="top" align="center" class="sltimg">&pound; 
		<?php 
		$dis=0.00;
			$sqld="select * from tbldiscountcode where varcode='$discountcode'";
			$resultd=$obj_db->select($sqld);
			if($resultd) {
			$dicode=$resultd[0]['varcode'];
			$discount= $resultd[0]['decdiscount'];
			$type=$resultd[0]['intdesctype'];
			$minbuy=$resultd[0]['decminbuy'];
				if($globaltot>$minbuy) {
					if($type==1) {	
						$dis=($globaltot*$discount)/100;
						echo number_format(round($dis,2), 2, '.', '');
					} else if($type==2) {
						$dis=$discount;
						echo number_format(round($dis,2), 2, '.', '');
					} else {
						$dis=0.00; echo $dis;
					}
				} else {
					$dis=0.00; echo $dis;
				}
			} else {
				$dis=0.00;
			}
		?>
		</td>
      </tr>
	   <tr>
        <td colspan="2">&nbsp;</td>
        <td width="170" valign="top" align="right" class="sltimg"><strong>Shipping</strong></td>
        <td width="50" valign="top" align="center" class="sltimg">&pound; <?php echo number_format($charge, 2, '.', '');?></td>
      </tr>
	   <tr>
        <td colspan="2">&nbsp;</td>
        <td width="170" valign="top" align="right" class="sltimg"><strong>VAT</strong></td>
        <td width="50" valign="top" align="center" class="sltimg">&pound; 
		<?php 
		// calc tax
		$sum = $globaltot+$charge-$dis;
		$taxsql="SELECT * FROM tbltaxrates";
		$taxresults=$obj_db->select($taxsql);
		$vatamount = $taxresults[0]['vatrate'];
		$amountvat = ($sum/100)*$vatamount;
		echo number_format(round($amountvat,2), 2, '.', '');
		?>
		</td>
      </tr>
	  <tr>
        <td colspan="2">&nbsp;</td>
        <td width="170" valign="top" align="right" class="sltimg"><strong>Grand Total</strong></td>
        <td width="50" valign="top" align="center" class="sltimg">&pound; <?php 
		$gt = $globaltot+$charge+$amountvat-$dis;
		echo number_format($gt, 2, '.', '');?>
		</td>
      </tr>
      <tr>
        <td colspan="4" class="seprtr">&nbsp;</td>
        </tr>
		 <tr>
        <td colspan="4" class="font"><strong>Customer Notes (visible to customer on tracking page)</strong></td>
        </tr>
     <tr>
        <td colspan="4" align="left" class="fntstyle">
		<form id="orderinfo" name="orderinfo" method="post" action="orderinfo.php?oid=<?php echo $custid;?>">
		<table width="100%" border="0" cellpadding="2" cellspacing="2" class="border">
          <tr align="center" class="tblbg3">
            <td>Date Added </td>
            <td>Customer Notified </td>
            <td>Status</td>
            <td>Note</td>
			<td>Actioned by</td>
          </tr>
          <?php 
		  	$sql4 = "SELECT * FROM `tblorderstatushistory` WHERE `intorderid`='$custid' and intcustomernotify!=3";
			$result4 = $obj_db->select($sql4);
			if(count($result4)>0)
			{
				for($i4=0;$i4<count($result4);$i4++)
				 { 
		  ?>
          <tr align="center" class="<?php echo ($i%2==0)?"Hrnormal":"Hralter"; ?>" onMouseOver="this.className='Hrhover';" onMouseOut="this.className='<?php echo ($i%2==0)?"Hrnormal":"Hralter"; ?>';">
            <td><?php echo printdate($result4[$i4]['dtdateadded']);?></td>
            <td><?php
			if($result4[$i4]['intcustomernotify']=='0')	{
				echo "Not Notified";
			} else if($result4[$i4]['intcustomernotify']=='1') {
				echo "Notified";
			}
			?></td>
            <td><?php
				$staid=$result4[$i4]['intorderstatusid'];
				$sql2 = "SELECT * FROM `tblorderstatus` WHERE intid=$staid"; 
				$res2 = $obj_db->select($sql2);
				echo stripslashes($res2[0][1]);	
			  ?>
			</td>
            <td align="left"><?php 
			$com=stripslashes($result4[$i4]['varcomments']);
			echo wordwrap($com,30,"<br />");
			?></td>
			<td align="center">
			<?php 
			if ($result4[$i4]['varedite']=="Auto") {
				echo stripslashes($result4[$i4]['varedite']);
			} else {
				$adminsql = "SELECT varadminfname FROM `tbladmin` WHERE intid=".$result4[$i4]['varedite']; 
				$adminres = $obj_db->select($adminsql);
				echo stripslashes($adminres[0][0]);
			}	
			?>
			</td>
          </tr>
          <?php
		  		}
			}
		  ?>
        </table></td>
        </tr>
      <tr>
        <td colspan="2" align="left" class="fntstyle">Note:</td>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
      </tr>	
      <tr>
        <td colspan="2" align="left">
          <textarea name="varcomments" cols="40" rows="06" id="varcomments"></textarea></td>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td colspan="2" align="left">&nbsp;</td>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td align="left" class="font">Status :         
            <select name="status" id="status">
                    <option value="0">Select Status</option>
					<?php
						$statussql = "SELECT * FROM tblorderstatus ORDER BY intid ASC";
						$statusresult = $obj_db->select($statussql);
							for ($ss=0;$ss<count($statusresult);$ss++) {
								echo "<option value=\"".$statusresult[$ss]['intid']."\">".stripslashes($statusresult[$ss]['varstatus'])."</option>";
							}
					?>
            </select>
		</td>
        <td align="left"><input name="Submit" type="submit" class="btn" id="Submit" value="Submit" onClick="return check();"/></td>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td colspan="2" align="left" class="sltimg">Notify Customer: 
          <input name="notifycustomer" type="checkbox" id="notifycustomer" value="on" checked="checked" /> 
		</td>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
      </tr>
	  <tr>
        <td colspan="2">&nbsp;</td>
        <td>&nbsp;</td>
        <td>&nbsp;</td>
      </tr>
    </table>
	</form>
	<br />
	<form id="order" name="order" method="post" action="orderinfo.php?oid=<?php echo $custid;?>">
	<table width="100%" border="0" cellspacing="2" cellpadding="2">
	  <tr>
	    <td colspan="4" class="seprtr">&nbsp;</td>
	    </tr>
		<tr>
	    <td height="20" colspan="4" class="font"><strong>Admin Notes Only (invisible to customer)</strong></td>
	    </tr>
	  <tr>
	    <td colspan="4"><table width="100%" border="0" cellpadding="2" cellspacing="2" class="border">
          <tr align="center" class="tblbg3">
            <td width="29%">Date Added </td>
			<td width="30%">Edited By</td>
            <td width="41%" height="20">Note</td>
            </tr>
          <?php 
		  	$sql4 = "SELECT * FROM `tblorderstatushistory` WHERE `intorderid`='$custid' and intcustomernotify='3'";			
			$result4 = $obj_db->select($sql4);
			if(count($result4)>0)
			{
				for($i4=0;$i4<count($result4);$i4++)
				 { 
				 $status=$result4[$i4]['intorderstatusid'];
		  ?>
          <tr align="center" class="<?php echo ($i%2==0)?"Hrnormal":"Hralter"; ?>" onMouseOver="this.className='Hrhover';" onMouseOut="this.className='<?php echo ($i%2==0)?"Hrnormal":"Hralter"; ?>';">
            <td><?php echo $result4[$i4]['dtdateadded'];?></td>
			<td align="center"><?php 
				$adm=$result4[$i4]['varedite'];
				$sqla="select varadminfname from tbladmin where intid='$adm'";
				$resa=$obj_db->select($sqla);
				if($resa) {
					echo $resa[0]['varadminfname'];
				} else {
					echo $result4[$i4]['varedite'];
				}
				?></td>
            <td align="left"><?php 
			$com=$result4[$i4]['varcomments'];
				if(strlen($com)>500) {
					echo wordwrap($com,50,'<br>');
				} else {
					echo wordwrap($com,50,'<br>');
				}
		  ?></td>
            </tr>
          <?php
		  		}
			}
		  ?>
        </table></td>
	    </tr>
	  <tr>
	    <td class="font" colspan="4"><strong>Admin Only Area-Free Text</strong></td>
	    </tr>
	  <tr>
	    <td  colspan="4">&nbsp;</td>
	  </tr>
	  <tr>
	    <td colspan="4"><textarea name="admincomment" cols="40" rows="06" id="admincomment"></textarea></td>
	  </tr>
	  <tr>
	    <td colspan="4"><input name="Submit32" type="submit" class="btn" id="Submit32" value="Submit"/></td>
	  </tr>
	</table>
</form>
    </td>
    <td width="3%">&nbsp;</td>
  </tr>
  <tr>
    <td colspan="3" align="center"><?php include(INC."bottom.php");?></td>
  </tr>
</table>

</body>
</html>